package com.ztesoft.report.IsPermission.aop;

import com.ztesoft.report.IsPermission.annotion.isPermission;
import com.ztesoft.report.base.pojo.R;
import com.ztesoft.report.exception.RException;
import com.ztesoft.report.service.UserService;
import org.aspectj.lang.ProceedingJoinPoint;
import org.aspectj.lang.Signature;
import org.aspectj.lang.annotation.Around;
import org.aspectj.lang.annotation.Aspect;
import org.aspectj.lang.annotation.Pointcut;
import org.aspectj.lang.reflect.MethodSignature;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
import org.springframework.web.context.request.RequestContextHolder;
import org.springframework.web.context.request.ServletRequestAttributes;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import java.lang.reflect.Method;
import java.util.List;
import java.util.Map;

/**
 * @author :xie
 * Email: 1487471733@qq.com
 * Date: 2018/7/25
 * Time: 11:02
 * Describe:
 */
@Aspect //AOP 切面
@Component
public class VerifypermissionsAop {

/*    @Autowired
    private UserService userService;*/




    /**
     * 切入点
     */
    @Pointcut(value = "@annotation(com.ztesoft.report.IsPermission.annotion.isPermission)")
    private void pointcut() {

    }

    @Around("pointcut()&& @annotation(isPermission)")
    public Object around(ProceedingJoinPoint point,isPermission isPermission) throws NoSuchMethodException {
        boolean pression=false;

        Signature signature = point.getSignature();
        MethodSignature methodSignature = null;
        if (!(signature instanceof MethodSignature)) {
            throw new IllegalArgumentException("该注解只能用于方法");
        }
        methodSignature = (MethodSignature) signature;

        Object target = point.getTarget();
        Method currentMethod = target.getClass().getMethod(methodSignature.getName(), methodSignature.getParameterTypes());

        isPermission permission = currentMethod.getAnnotation(isPermission.class);
        HttpServletRequest request = ((ServletRequestAttributes) RequestContextHolder.getRequestAttributes()).getRequest();
        HttpSession session=request.getSession();
        Map map= (Map) session.getAttribute("map");

        String userId= (String) session.getAttribute("userId");

        List<String> list= (List<String>) map.get("queryAllPerms");

        if (list==null||list.size()==0){
            return R.error("请重新登陆");
        }

        String  staffId=(String) map.get("userId");

        //当用户id为1 时，跳过按钮权限验证
        if (!"1".equals(userId)){
            if (list!=null||list.size()!=0){
                for (int i=0;i<list.size();i++){
                    if (list.equals(permission.name())){
                        pression=true;
                        break;
                    }
                }
            }
            if (pression==false){
                return R.error("对不起，您没有权限操作");
                //throw new RException("对不起，您没有权限操作");
            }

        }




        try {
            return point.proceed(); //执行程序
        } catch (Throwable throwable) {
            throwable.printStackTrace();
            return throwable.getMessage();
        }
    }

/*    *//**
     * aop的顺序要早于spring的事务
     *//*
    @Override
    public int getOrder() {
        return 1;
    }*/
}
